[toc]
温故而知新
Messaaging Layer:
heartbaet v1,v2,v3
corosync v1, v2(votequorum)
OpenAIS
CRM:
pacemaker 需要一个配置接口
配置接口:crmsh (由SUSE研发的),由pssh管理工具来实现
pcs (agent c/s ),pcsd来实现
conga(ricci运行在各结点上的进程/luci发送指令到各节点)组成
group,constraint(基于约束)
rgmanager(cman)
resouce group(资源组):
failover domain
RA:
LSB: /etc/rc.d/init.d
systemd: /etc/systemd/system/multi-user.wants
服务开机处于enable状态;
OCF:[provider]
heartbeat
pacemaker
linbit 基于内核跨节点的块设备
service
stonith
高可用集群的可用方案:
heartbeat v1
heartbeat v2
heartbeat v3 + pacemaker X
corosync + pacemaker
cman + rgmanager
corosync + cman + pacemaker
keepalived
Linux-HA-Cluster 2
Heartbeat集群之间传递心跳的方法
1、使用串型线缆
2、使用以太网通信
3、Unicast 单播,使用udpu,一般在不支持多播的网络中使用的
4、Mutlicast 多播/组播, 使用udp
5、Broadcast 广播,占用过高的网络资源
1、组播地址:
用于标识一个IP组播域:IANA把D类地址留给组播使用:224.0.0.0-239.255.255.255
永久组播地址:224.0.0.0-224.0.0.255
临时组播地址:224.0.1.0-238.255.255.255 建议使用临时组播地址
本地组播地址:239.0.0.0-239.255.255.255
2、配置以组播方式进行高可用集群通信
# 在Node1 和 Node2中执行
# yum -y install corosync pacemaker
# rpm -ql corosync #查看corosync安装完之后所生成的配置文件;
/etc/corosync
/etc/corosync/corosync.conf.example
/etc/corosync/corosync.conf.example.udpu
/etc/corosync/corosync.xml.example
/etc/corosync/uidgid.d
/etc/dbus-1/system.d/corosync-signals.conf
/etc/logrotate.d/corosync
/etc/sysconfig/corosync
/etc/sysconfig/corosync-notifyd
/usr/bin/corosync-blackbox
/usr/bin/corosync-xmlproc
/usr/lib/systemd/system/corosync-notifyd.service
/usr/lib/systemd/system/corosync.service
/usr/sbin/corosync
/usr/sbin/corosync-cfgtool
/usr/sbin/corosync-cmapctl
/usr/sbin/corosync-cpgtool
/usr/sbin/corosync-keygen
/usr/sbin/corosync-notifyd
/usr/sbin/corosync-quorumtool
/usr/share/corosync
/usr/share/corosync/corosync
/usr/share/corosync/corosync-notifyd
/usr/share/corosync/xml2conf.xsl
/usr/share/doc/corosync-2.4.0
/usr/share/doc/corosync-2.4.0/LICENSE
/usr/share/doc/corosync-2.4.0/SECURITY
/usr/share/man/man5/corosync.conf.5.gz
/usr/share/man/man5/corosync.xml.5.gz
/usr/share/man/man5/votequorum.5.gz
/usr/share/man/man8/cmap_keys.8.gz
/usr/share/man/man8/corosync-blackbox.8.gz
/usr/share/man/man8/corosync-cfgtool.8.gz
/usr/share/man/man8/corosync-cmapctl.8.gz
/usr/share/man/man8/corosync-cpgtool.8.gz
/usr/share/man/man8/corosync-keygen.8.gz
/usr/share/man/man8/corosync-notifyd.8.gz
/usr/share/man/man8/corosync-quorumtool.8.gz
/usr/share/man/man8/corosync-xmlproc.8.gz
/usr/share/man/man8/corosync.8.gz
/usr/share/man/man8/corosync_overview.8.gz
/usr/share/snmp/mibs/COROSYNC-MIB.txt
/var/lib/corosync
/var/log/cluster
# rpm -ql pacemaker #查看pacemaker所生成的配置文件;
/etc/sysconfig/pacemaker
/usr/lib/ocf/resource.d/.isolation
/usr/lib/ocf/resource.d/.isolation/docker-wrapper
/usr/lib/ocf/resource.d/pacemaker/controld
/usr/lib/ocf/resource.d/pacemaker/remote
/usr/lib/systemd/system/pacemaker.service
/usr/libexec/pacemaker/attrd
/usr/libexec/pacemaker/cib
/usr/libexec/pacemaker/cibmon
/usr/libexec/pacemaker/crmd
/usr/libexec/pacemaker/lrmd
/usr/libexec/pacemaker/lrmd_internal_ctl
/usr/libexec/pacemaker/pengine
/usr/libexec/pacemaker/stonith-test
/usr/libexec/pacemaker/stonithd
/usr/sbin/crm_attribute
/usr/sbin/crm_master
/usr/sbin/crm_node
/usr/sbin/pacemakerd
/usr/sbin/stonith_admin
/usr/share/doc/pacemaker-1.1.16
/usr/share/doc/pacemaker-1.1.16/COPYING
/usr/share/doc/pacemaker-1.1.16/ChangeLog
/usr/share/licenses/pacemaker-1.1.16
/usr/share/licenses/pacemaker-1.1.16/GPLv2
/usr/share/man/man7/crmd.7.gz
/usr/share/man/man7/ocf_pacemaker_controld.7.gz
/usr/share/man/man7/ocf_pacemaker_remote.7.gz
/usr/share/man/man7/pengine.7.gz
/usr/share/man/man7/stonithd.7.gz
/usr/share/man/man8/crm_attribute.8.gz
/usr/share/man/man8/crm_master.8.gz
/usr/share/man/man8/crm_node.8.gz
/usr/share/man/man8/pacemakerd.8.gz
/usr/share/man/man8/stonith_admin.8.gz
/usr/share/pacemaker/alerts
/usr/share/pacemaker/alerts/alert_file.sh.sample
/usr/share/pacemaker/alerts/alert_smtp.sh.sample
/usr/share/pacemaker/alerts/alert_snmp.sh.sample
/var/lib/pacemaker/cib
/var/lib/pacemaker/pengine
2、配置corosync
# cd /etc/corosync/
# cp corosync.conf.example
# cp corosync.conf.example corosync.conf
# 某些环境中可能不支持组播。这时应该配置Corosync使用单播;
# 下面是使用单播的Corosync 配置文件的一部分;
totem {
#...
interface {
ringnumber: 0
bindnetaddr: 10.180.22.0
broadcast: yes (1)
mcastport: 5405
}
interface {
ringnumber: 1
bindnetaddr: 10.180.22.0
brodcast: yes
mcastport: 5405
}
transport: udpu (2)
}
nodelist{ (3)
node {
ring0_addr: 10.180.22.166
ring1_addr:10.180.55.1
nodedid: 1
}
node {
ring0_addr: 10.180.22.167
ring1_addr: 10.180.55.2
nodeid: 2
}
# 如果将 broadcast 设置为yes,集群心跳将通过广播实现。设置该参数时,不能设置mcastaddr;
# transport 配置项决定集群通信方式,要完全禁用组播,应该配置单播传输参数 udpu;
# 这要求将所有的节点服务器信息写入nodelist;
# 也就是需要在配置HA 集群之前确定节点组成。默认配置是udp。 通信方式类型还支持udpu和iba;
# 在nodelist 之下可以为栽一节点设置只与该节点相关的信息,这些设置项只能包含在node之中;
# 即只能对属于集群的节点服务器进行设置,而且只应包括那些与默认设置不同的参数;
# 每台服务器都必需配置 ring0_addr;
# 实验中配置信息如下
# Please read the corosync.conf.5 manual page
totem {
version: 2
# crypto_cipher and crypto_hash: Used for mutual node authentication.
# If you choose to enable this, then do remember to create a shared
# secret with "corosync-keygen".
# enabling crypto_cipher, requires also enabling of crypto_hash.
crypto_cipher: aes128
crypto_hash: sha1
secauth: on
# interface: define at least one interface to communicate
# over. If you define more than one interface stanza, you must
# also set rrp_mode.
interface {
# Rings must be consecutively numbered, starting at 0.
ringnumber: 0
# This is normally the *network* address of the
# interface to bind to. This ensures that you can use
# identical instances of this configuration file
# across all your cluster nodes, without having to
# modify this option.
bindnetaddr: 10.180.0.0
# However, if you have multiple physical network
# interfaces configured for the same subnet, then the
# network address alone is not sufficient to identify
# the interface Corosync should bind to. In that case,
# configure the *host* address of the interface
# instead:
# bindnetaddr: 192.168.1.1
# When selecting a multicast address, consider RFC
# 2365 (which, among other things, specifies that
# 239.255.x.x addresses are left to the discretion of
# the network administrator). Do not reuse multicast
# addresses across multiple Corosync clusters sharing
# the same network.
mcastaddr: 239.185.1.31
# Corosync uses the port you specify here for UDP
# messaging, and also the immediately preceding
# port. Thus if you set this to 5405, Corosync sends
# messages over UDP ports 5405 and 5404.
mcastport: 5405
# Time-to-live for cluster communication packets. The
# number of hops (routers) that this ring will allow
# itself to pass. Note that multicast routing must be
# specifically enabled on most network routers.
ttl: 1
}
}
nodelist{
node {
ring0_addr: 10.180.22.166
nodedid: 1
}
node {
ring0_addr: 10.180.22.167
nodeid: 2
}
node {
ring0_addr: 10.180.22.168
nodeid: 3
}
}
logging {
# Log the source file and line where messages are being
# generated. When in doubt, leave off. Potentially useful for
# debugging.
fileline: off
# Log to standard error. When in doubt, set to no. Useful when
# running in the foreground (when invoking "corosync -f")
to_stderr: no
# Log to a log file. When set to "no", the "logfile" option
# must not be set.
to_logfile: yes
logfile: /var/log/cluster/corosync.log
# Log to the system log daemon. When in doubt, set to yes.
to_syslog: no
# Log debug messages (very verbose). When in doubt, leave off.
debug: off
# Log messages with time stamps. When in doubt, set to on
# (unless you are only logging to syslog, where double
# timestamps can be annoying).
timestamp: on
logger_subsys {
subsys: QUORUM
debug: off
}
}
quorum {
# Enable and configure quorum subsystem (default: off)
# see also corosync.conf.5 and votequorum.5
provider: corosync_votequorum
}
# 生成密钥文件
# corosync-keygen
# scp -p authkey coronsync.conf root@node2.ssjinyao.com:/etc/corosync
# corosync 启动集群投票系统默认必需需要三人结点;
# systemctl start corosync.serivce #这个时候启动是失败的;
# systemctl status corosync.serivce #查看corosync的状态信息;
# 此时需要开启另一个结点
# yum -y install corosync pacemaker
# Node1 中执行
# scp -p /etc/coronsync.conf /etc/authkey root@node2.ssjinyao.com:/etc/corosync
3、验证结点
# corosync-cfgtool -s # 验证结点
# corosync-cmapctl #查看结点间的信息;
# grep -v '^[[:space:]]*#' /etc/corosync.conf # 保存实用的配置示例
4、编辑pacemaker
# vim /etc/sysconfig/pacemaker
PCMK_logfile= /var/log/pacemaker.log
# 各个节点间需要启动pacemaker
# systemctl start pacemaker.service
# crm_mon # 进行验证
5、 crm 工具的使用简明
# crm_node -n # 查看当前节点信息
# crm_node -l # 例出集群所有的节点信息
# crm_verify -L -V # 但看报错信息
# crm shell 的安装与使用,若无rpm包,可在网上找相关的rpm包
# yum -y install crmsh pssh python-pssh
HA Web Service
vip: 10.180.xx.xxx, ocf:hearbeat:IPaddr
httpd: systemd
nfs shared storage: ocf:heartbeat:Filesystem
Ha Cluster 工作模型:
A/P: 两节点集群; active/apsslve;
without-quorum-policy=(stop|ignore|suicide|freeze)
A/A:
# node0
# mkdir -pv /www/htdocs
# echo "<h1> Test Page on NFS Server</h1>" > /www/htdocs/index.html
# vim /etc/exports
/www/htdocs 10.180.xx.xxx/16(rw)
# iptables -L -n # 查看是否有防火墙规则
# checkconfig nfs on
# systemctl start nfs
# node 1
# showmount -e 10.180.xx.xxx
# mount -t nfs 10.180.xx.xxx:/www/htdocs /var/www/html # 挂载网络存储NFS
# systemctl start httpd
# systemctl enable httpd
# 此时便可以查看能否可以能否访问到以上的测试信息
# node 2
# systemctl start httpd
# systemctl enabl httpd
# crm configure
crm(live)configure# show
crm(live)# configure property
crm(live)# configure property stonith-enabled=false
crm(live)# configrue verify
crm(live)# show
crm(live)# configure commit
crm(live)# configure
crm(live)configure# primitive webip ocf:heartbeat:IPaddr2 params ip="10.180.xx.xxx" op monitor interval=30s timeout=20s
crm(live)# configure show
crm(live)# configure commit
crm(live)# configure edit # 可以打开vim编辑配置文件
crm(live)# configure verify
crm(live)# configure primitive webstore ocf:heartbat:Filesystem params device="10.180.xx.xxx:/www/htdocs" directory="/var/www/html" fstype="nfs" op start timeout=60s op stop timeout=60s op monitor interval=20s timeout=40s
crm(live)# configure verify
crm(live)configure# colocation webserver_with_webstore_and_webip inf: webserver
( webip webstore )
crm(live)# show xmls # 查看xml格式的配置
crm(live)configure# order webstore_afer_webip Mandatory: webip webstore
crm(live)configure# order webserver_after_webstore Manadatory: webstore webserver
crm(live)configure# verify
crm(live)configure# commit
crm(live)configure# location webservice_perf_node1 webip 100: node1.ssjinao.com
crm(live)configure# verify
crm(live)configure# commit
crom(live)configure# property default-resource-sticklines = 50
# systemctl stop httpd.service
# systemctl enable httpd.service
# crm_verify -V -L
# crm node standby
# crm onde online
